(react.dev)

298 points sangeeth96 | 1 comments | 11 Dec 25 20:46 UTC | HN request time: 0s | source

See also: https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-..., https://nextjs.org/blog/security-update-2025-12-11

Show context

rikafurude21 ◴[11 Dec 25 21:23 UTC] No.46237343[source]▶

>>46236924 (OP) #

Im confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says theres no issues

replies(3): >>46237389 #>>46238088 #>>46238360 #

1. rickhanlonii ◴[11 Dec 25 22:22 UTC] No.46238088[source]▶

>>46237343 #

GitHub has to review the advisories and publish it for it to show in `npm audit`, so it's delayed.

↑

Denial of service and source code exposure in React Server Components